The CozyDuke Targeted Attacks

VIRUS DEFINITION

Virus Type: Advanced Persistent Threat (APT)

What is CozyDuke?

CozyDuke (aka CozyBear, CozyCar or "Office Monkeys") is a threat actor that became increasingly active in the 2nd half of 2014 and hit a variety of targets. The group hunts for confidential information stored in the networks of government and commercial entities in several countries.

Who are the victims of these attacks?

This is a highly targeted attack. Kaspersky Lab observed indicators of attacks against government organizations and commercial entities in the US, Germany, South Korea and Uzbekistan. Some of the targets from 2014 include the White House and Department of State in the US.

Am I at risk?

You might be a target of Hellsing if the following risk factors are familiar to you:

Risk factors:

If you work for/with governments and/or companies in the US, Germany, South Korea or Uzbekistan

If you receive and read hundreds of emails and open attachments

If you have received suspicious SFX files inside RAR/ZIP archives, or hyperlinks that lead to archive downloads

How do I know if I’m infected?

Don’t open attachments and links from unknown persons

Regularly scan your PC with an advanced antimalware solution

Beware of ZIP archives with SFX files inside

If you are unsure about the attachment, try to open it in a sandbox

Make sure you have a modern operating system with all patches installed
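
The advice above about ZIP archives with SFX files inside can be turned into a triage check. The following is an added example, not part of the original page: it lists ZIP members that are Windows executables with another archive embedded after the PE header, whatever their file name or extension. The function names, the size cap and the sample input are assumptions made for the illustration.

```python
import io
import zipfile

# Magic bytes of archive formats commonly appended to self-extracting (SFX) stubs.
ARCHIVE_MAGICS = {b"Rar!\x1a\x07": "RAR", b"7z\xbc\xaf\x27\x1c": "7z", b"PK\x03\x04": "ZIP"}
MAX_MEMBER_BYTES = 64 * 1024 * 1024  # assumed cap so a decompression bomb is not read in full


def embedded_archive_in_pe(data):
    """Return the archive type found after the PE header, or None if data is not such a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe_offset = int.from_bytes(data[0x3C:0x40], "little")  # e_lfanew field of the DOS header
    if data[pe_offset:pe_offset + 4] != b"PE\x00\x00":
        return None
    for magic, name in ARCHIVE_MAGICS.items():
        if data.find(magic, pe_offset + 4) != -1:
            return name
    return None


def scan_zip(source):
    """Return (member name, finding) pairs for members that deserve a closer look."""
    findings = []
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # bit 0 of the general purpose flags marks encryption
                findings.append((info.filename, "encrypted, cannot inspect"))
            elif info.file_size > MAX_MEMBER_BYTES:
                findings.append((info.filename, "too large to inspect"))
            else:
                with zf.open(info) as member:
                    kind = embedded_archive_in_pe(member.read(MAX_MEMBER_BYTES))
                if kind:
                    findings.append((info.filename, "PE with embedded " + kind + " (possible SFX)"))
    return findings


def build_sample():
    """Constructed test input: a ZIP holding a text file and a fake PE stub followed by RAR magic."""
    fake_sfx = (b"MZ" + b"\x00" * 58 + (0x40).to_bytes(4, "little") + b"PE\x00\x00"
                + b"\x00" * 64 + b"Rar!\x1a\x07\x00" + b"constructed placeholder")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "plain text")
        zf.writestr("sample_sfx.exe", fake_sfx)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, finding in scan_zip(build_sample()):
        print(name, "->", finding)
```

This is a heuristic: legitimate installers are also self-extracting executables, so a hit means the file should go to a sandbox or antimalware scan before anyone opens it, not that it is malicious.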